Rethinking IT Professional Ethics: Classical and Current Contexts
Marcus Wigan Oxford Systematics [email protected]
Abstract
Professional computer ethics has widened its scope over the last 20 years as a direct result of the massive growth in computer mediated services by government and industry, and concerns over how data and interaction processes are recorded. These shifts are explored in conjunction with the parallel decline in community trust of government. The growing importance of a broader view and action framework for professional computer societies is delineated.
Keywords: Ethics; Trust; Disintermediation
1 Introduction
There has been a steady shift from business-oriented computing, developed or deployed in a reasonably closed environment, to a far more open environment where a complex network of developers, users, and applications are involved. It has long been recognised that IT Professional ethics needed to be reviewed and respond to changes (Bowern et al 2006).
In the 20C environment it was reasonably clear who was responsible for the specification, development, and deployment of an application, and the target users were comparatively homogeneous. The general term ‘business computing’ communicated a flavour of automating existing tasks, and for a known and well-defined clientele, often within the same organisation.
The leading edge of AI systems were then simple machine learning rule-based deductive processes, delivered as rule-based systems, rather than as adaptive systems with increasingly less-transparent deep-learning neural networks.
The 21C growth of the internet not only expanded the scale and penetration of computer systems, but also stretched the links between an algorithm designer and the choices made for the final deployment to breaking point. By way of example, consider the implementation of underdeveloped simple rule-based systems such as Centrelink’s RoboDebt program, with its flawed embedded reconciliation between ATO data and Centrelink conventions and automated action systems that assumed a debt existed (in 20% of cases it did not exist).
2 Who is responsible for these continuing user interface issues for so many people?
The managers of the deployment phase would be the first port of call, but there is no formal discipline-specific ethics for management for which they are required to sign up as a condition of professional practice. The ‘ethics statements’ for individual businesses tend to be used as risk avoidance assertions with generic value statements, but they could still potentially be used for disciplinary action when a violation affects the organisation as a whole. The ethical issues that might be raised are complex and underpinned by the very different priorities and perspectives of a for-profit operation. The priorities and interpretations in the public service have a different environment, and the complexities of political direction and individual
execution are perhaps clearer than they are in a for-profit business, where survival and financial accountability are the over-arching and underpinning goals.
Failures in the for-profit environment are clearer than in the public service, as the goals in public service are inextricably bound up with the directions set by Ministers. In a Westminster system of government, a mistake by an employee is the final responsibility of the Minister, and (used to be) grounds for a Ministerial resignation.
The length of the chain between algorithm creator and encoder and final policy-based deployment has now become too long to ensure values and ethical connections between those at the start of the chain (or indeed those eventually operating the resulting systems once developed), to the managerial and policy objectives of day to day delivery. They are however not new (Wigan 1987), simply more extensive and pervasive.
The Classical approach to professional IT ethics has been conditioned by an underlying and rarely questioned risk avoidance philosophy. The goal is to protect organisations rather than individuals, and to lay strictures on individuals’ actions and decisions (Wigan, 1999). This approach was evident in the 1999 ACS Ethics Task force Survey of IT Professionals (two pages of which are shown as an Appendix).
3 Where are we now?
The current environment, 20 years later, has shifted a long way. Large scale IT implementations are no longer restricted largely to corporate bodies but are distributed widely in both the public and private sectors. There has also been a pronounced shift from ‘data processing’ to decision making in such systems. Perhaps the highest profile system has been the automated debt recovery system implemented by Centrelink. This has been widely - and pejoratively - termed ‘RoboDebt’, due to the unintended negative impact and severe stresses caused by the algorithms embedded in it and the way in which the system had been designed to operate.
The types of issues raised by such systems go well beyond the scope of the ethical issues summarised in the 1999 survey and raise questions about the end uses of the systems that IT professionals are asked to create and operate.
There is now a real need to expand on the scope and overage of professional ethics for the individuals within all computing fields, as the complexities of responsibilities at an organisational level have become increasingly blurred. IT has become so universal that failures either in design and implementation of computing applications have become difficult to disentangle for the managerial utilisation and management of the operational tools that at- source computing professionals have been instructed to create.
These questions are now of broad importance. Multiple inquiries and reports attracting wide community interest on the usage and applications of Machine Learning (ML) (aka “Artificial Intelligence”) appear around the world.
The responsibility for systems deployment remains with government or management.
However, IT professionals are now in the unique position of being able to see the possible outcomes of design and implementation decisions, and to express concern at the potential methods of deployment once completed. The generation of very large amounts of data, much of which is potentially reidentifiable, is also an issue or rising universality and importance to the community at large (Wigan and Clarke, 2013).
The new generations of systems are designed to minimise personal contact from end users or targets, and thereby improve efficiency, but at the same time they make the expression of concerns a great deal harder. Disintermediation of end user and designer is virtually complete.
Responsibility falls back on IT professionals to raise concerns at the design stage. This occurs when and if a problematic issue is identified by the IT professional that cannot be addressed internally and can only be addressed by his/her acting as a whistle-blower.
In such cases extending professional computer ethics would open an additional channel for resolution without recourse to public whistleblowing. While such a move is clearly beneficial to all parties, it is only recently that such virtue-ethical approaches have become seriously considered by the Professional Ethics Committees of Computer societies, but this attention is now being given seriously. Other approaches, deontological or consequential, are of course possible, but the focus of this desirable change in direction is on individual ethics and their extended enablement.
Ethics now plays a greater role in IT , but covers too wide an area of actions and perspectives to be useful without greater focus (Moss 2020)
4 Governance issues
It is equally clear that governance at the intersection of IT, computing, and society is underdeveloped and that this is a major omission in current professional ethical frameworks1. The rapid rates of change make professional ethics an active rather than largely passive and rarely reviewed area of professional activity. This will only become more vital as computing as a whole becomes endemic and embedded in both technical machinery and business activity.
The ability of IT2 professionals of all kinds to create computing capacities that can be misapplied and abused is growing swiftly, and the current formal ethical frameworks, designed as they were primarily for reputational and professional protection, are simply no longer sufficient. Risk assessment is no longer from the viewpoint of organisations but is moving into the hands - or at least the scope - of the professionals themselves.
One of the signals that the public is sending is their dissatisfaction with constrained design and interaction capacities of automated Interactive Voice Recognition IVR systems and websites with embedded rule structures that they are forced to use (mygov and the related multiple government websites -such as myagedcare- are typical examples). Anecdotally, insufficiently considered design and delivery is now much more widespread.
The issues discussed so far might be structured as follows:
• Current ethical frameworks,
• Extensions of Professional IT Ethics
• Governance changes
1 e.g. The Governance and Identity workstream in the current IEEE Standards Association Industry Connections program: Digital Inclusion Trust and Agency (DITA) Initiative https://standards.ieee.org/industry-connections/diita/index.html) which has a Governance and Identity workstream Convenor Marcus Wigan
2 The abbreviations IT (Information Technology) and ICT (information and Communications Technologies) are used interchangeably here as the contexts vary
Current ethical frameworks are beginning to shift. The recent whistle-blower protections limited though they are to the private sector3 , are a good start. The introduction of some form of formal protection of whistle-blowers is long overdue, but the omission of the public sector (and the effective limitation of the scope of these new powers within the many contractors while including regulated bodies) still omits huge areas of public concern. All of this is occurring when ITC is rapidly becoming the means of primary delivery. Outsourcing attenuates the governance chain only further.
Plausible deniability via this displacement of government responsibilities to the private sector adds a complex and contentious layer of political activities and responses, already obscured by the overreach of surveillance legislation. This interaction is complicating whistleblowing as the stripping of almost all previous encryption-protectable communications has already reduced the cover for the normal healthy role of journalists.
As communications media, and indeed most fresh government services, are now almost exclusively ICT-mediated, this adds a further layer of complication to current ethical behaviours, and retrospective identification of both content and identification of those with whom communication occurs is now a reality. The exemption of politicians and public servants from whistleblowing therefore now has a very ICT resonance, and vastly increases level of personal risk. This is the current ethical environment. It is not one that encourages or supports ethical behaviours in or around the ICT sector.
The new territories are now data linkages, biometrics, and adaptive decision making. In each of these areas substantial impacts on people can be and are generated without any knowledge of their subjects, and the ethical concerns of those implementing them are real.
5 At which points are ethical decisions now needed?
It is not clear who is responsible for ethical decision making, and at which points on the decision-chain they are situated. Some candidates are:
• Privacy by design [ICT]
• Authorisations for access and release [ICT and management]
• Secret mass data flows from applications [all too common* , and in ICT purview]
• Transparent and independent auditing of ML and algorithmic embeddings [ICT]
• Security theatre. Abuse of ‘national security’ to overwhelm all privacy and collateral impacts, objections and accountability [political- but ICT is heavily involved]
In each area ICT ethics has a significant role to play. In the last area, the Virtue Ethics of individuals in ICT arguably has a major role to play (Wigan 2015) as it addresses the kind of person one is (Stanford Encyclopedia of Philosophy, 2016). Alternatives previously proposed for IT include a form of consequentialism (Moor, J. 1999). At first sight deontological ethics might be the most pertinent, as it draws from a stance that there are rules that can be applied to determine what we ought to do. Taking a virtue ethics approach emphasises the ethical
3 Treasury Laws Amendment (Enhancing Whistle-blower Protections) Act 2019. No.10, 2019. An Act to amend the law in relation to whistleblowing, and for related purposes accessed on 16 August 2019 at https://www.legislation.gov.au/Details/C2019A00010
values that resonate with an individual in his/her personal capacity and what kind of person they wish to be. This phrasing readily brings to mind the motivations often expressed by whistle-blowers as distinct from compliance with ethics statements of formal stated ethics procedures and risk assessments.
Why does all of this matter? It matters because the success of all such systems depends on trust. Without trust, institutional and political credibility falls away, and distanced uses of data and automated decision reduce it further. Trust is a function of individuals.
Supporting mechanisms to assist ICT professionals to make ethical decisions, actions, and representations are now needed as they are at the heart of many ICT developments and deployments. This has moved ICT whistle-blowers into what has become a key public interest domain (Snowden and Boyle are simply two examples).
6 Trust in government as a factor
Many of the most difficult areas are within government - where ICT is becoming almost the sole channel between citizens and government instrumentalities. But, do they now have the necessary trust? And will they have it in the future?
The work of Stoker et. al. at the University of Canberra suggests that this is doubtful, and active steps will be needed to be taken on many sides in order to make it so.
Figure 1: After Stoker et al 2018, 2019
One of the necessary steps has emerged from the most extensive inquiry into AI ethics to date, by the UK House of Lords, which created a remarkable body of evidence and consideration.
However, the most significant outcome was the response of the UK Government, who
concentrated on creating governance organisation and procedures in order to enable desirable outcomes (UK Government, 2018.
This was a response at a higher level than ‘simple’4 data protection and privacy, and it is a model that could and should be built upon. It is one of the planks on which trust in ICT intermediated companies, governmental and corporations will increasingly come to depend.
It is hard to see how public trust in either government – already under major threat – and the ICT sector can be improved without such steps. The need to do so, or at least to address the visible decline, is strong (Stoker, et al, 2018): a drop in democratic satisfaction in Australia from 78% to 41% is a serious warning. The results are stark:
“trust in key institutions and social leaders is eroding. By 2025, if nothing is done and current trends continue, fewer than 10 per cent of Australians will trust their politicians and political institutions” (Stoker et al, 2019).
In the recent global pandemic, where ICT has become critical in the infections tracing function, Fukayama has asserted that The crucial determinant in performance [of the actions taken such as ICT tracing] will not be the type of regime, but the state’s capacity and, above all, trust in government.
(Fukayama, F. 2020) The disintermediation role of ICT, and the consequent need for trust, has suddenly become visibly critical at a global level.
7 The emergent role of professional computer societies
There is however a complementary route that remains open in the absence of meaningful action by government, and that is to enhance the Professional Ethics activities and consequently more engaged member support within professional ICT societies. This will need to involve both the Australian Computer Society (ACS) and the IEEE (Institute of Electrical and Electronic Engineers) as the pervasiveness of internet of things systems, including automated vehicles, is growing.
It has long been the case that the ACS leadership has quietly intervened to resolve ethical conflicts for members, but the major shifts in society just outlined demand a move from a passive code of ethics to an active one. The moves to an ICT mediated society are accelerating, with cash declining rapidly and automated systems for customer-facing services growing swiftly.
The private sector faces increasing issues in personal data handling, release, and de- identification. While there is as yet no equivalent to the EU GDPR (PWC, 2017), its advent has precipitated moves towards better privacy and data handling regimes in Australia.
There are formal moves to address some aspects of Data Ethics – the UK asserts that “You must not proceed with your project if your data use is not proportionate to the user need” but few provide the active support for whistle-blower channels to address the long gaps between the IT professional and the impact on the community at delivery.
Government data is a valuable commodity, but reliance on anonymisation is a key element- yet this is often poorly recognised, and when an expert demonstrated how easily it could be deanonymized government moved to make such actions illegal and pressed for the party
4 As the impacts and interpretation into action of the EU GDPR has made very clear, any action in this area can never be ‘simple’, however admirable a first cut the GPDR might be - and it is.
concerned to leave her academic post. This example both illustrates that IT professionals now have a real need for professional ethical support from their societies, and that virtue ethics is a valuable perspective on IT ethics.
The most recent developments in mass surveillance and social network data collection (required to trace coronavirus contacts) have catalysed many in the expert community to contest and press for transparency (and indeed technical improvements) in this large-scale government initiative to help to secure the trust required for its success. Such trust is hard to create under the synoptic declines that were discussed earlier, and increasingly relies on individual motivations both within and without government to help the necessary trust to develop.
Such examples are unlikely to become less frequent as ICT has come to disintermediate almost all large-scale interactions in the community, certainly with government at all levels but increasingly with commerce as well.
The empowerment of IT professionals through their professional organisations has become a key social contribution, and a further reason for professional societies to move quickly to encompass such constructive ethical action.
Acknowledgements
The comments of the referees are acknowledged as contributing significantly to this paper.
References
Bowern M., Burmeister, O., Gotterbarn, D. and Weckert, J. (2006) ICT Integrity: bringing the ACS code of ethics up to date. Australasian Journal of Information Systems 13 (3) 169-181.
Fukuyama, F. (2020) The thing that determines a country’s resistance to the coronavirus. The
Atlantic. March accessed on 29-3-20 at
https://www.theatlantic.com/ideas/archive/2020/03/thing-determines-how-well- countries-respond-coronavirus/609025/
Haughey , M. (2013) The uncertainty of ethics in IT. pp 62-70 IN Professionalism in the Information and Communication Technology Industry IN Weckert, J. and Lucas, R.
[Eds] Practical Ethics and Public Policy Monograph 3 Series . ANU ePress [available at no charge from https://press.anu.edu.au/publications/series/practical-ethics-public- policy/professionalism-information-and-communication#pdf
Moor, J. (1999) Just consequentialism and computing. Ethics and Information Technology 1(1), 65-69.
Moss, E. and Metcalf, J. (2020) Too big a word. https://points.datasociety.net/too-big-a-word- 13e66e62a5bf (discussion covered in the forthcoming Data and Society report “Ethics Owners: A New Model of Organizational Responsibility in Data-Driven Technology Companies”) .
Price Waterhouse Coopers (2017) GPDR Fast Facts. accessed at https://www.pwc.com.au/assurance/assets/gdpr-fast-facts18.pdf on 4-9-19
Stanford Encyclopedia of Philosophy (2016) Deontological ethics. Accessed on 29-3-20 at https://plato.stanford.edu/entries/ethics-deontological/
Stoker, G., Evans, M. and Halupka, M. (2018) Trust and democracy in Australia. Democratic decline and renewal. Report No 1. University of Canberra (52pp). December accessed 16-8-19 at https://www.democracy2025.gov.au/documents/Democracy2025-report1.pdf
Stoker, G., Evans, M. and Halupka, M. (2019) Bridging the Trust Divide: Lessons from international experience. Report No 2. University of Canberra. (13pp) accessed 16-8-19 at https://www.governanceinstitute.edu.au/magma/media/upload/publication/406_Who- do-you-trust.pdf
UK Department for Digital Culture Media and Sport (2018) Guidance: Data Ethics. Accessed on 28-3-20 at https://www.gov.uk/government/publications/data-ethics- framework/data-ethics-framework
Weckert, J. (1999) Survey of IT Professional’s Ethical Attitudes. pp1-2 of 4. School of Information Studies, Charles Sturt University
Wigan, M.R. (1987). Legal and ethical issues in expert systems used in planning. Environment and Planning B (14) 305-321.
Wigan. M.R. and Clarke, R.A. (2013) Big Data’s Big Unintended Consequences. IEEE Computer 46(6),46-63.
Wigan, M.R. (2015) Big Data – Can virtue ethics play a role? Retrieved from https://works.bepress.com/mwigan/29/download 1-4-2020
UK Government Response to the House of Lords AI Select Committee Report on AI in the UK:
Ready Willing and Able. (2018) APGS CM9695 [CCS0618948288 978-1-5286-0607-3] 42pp Weckert, J. (1999) Survey of IT Professional’s Ethical Attitudes. pp1-2 of 4. School of Information
Studies, Charles Sturt University
Copyright: © 2020 Rethinking IT Professional Ethics. This is an open-access article distributed under the terms of the Creative Commons Attribution-NonCommercial 3.0 Australia License, which permits non-commercial use, distribution, and reproduction in any medium, provided the original author and AJIS are credited.
doi: https://doi.org/10.3127/ajis.v24i0.2851
